[ ok ] Starting enhanced syslogd: rsyslogd.
[ 72.346550][ T30] audit: type=1800 audit(1562040480.394:25): pid=11574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 72.381814][ T30] audit: type=1800 audit(1562040480.414:26): pid=11574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 72.401998][ T30] audit: type=1800 audit(1562040480.424:27): pid=11574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts.
2019/07/02 04:08:13 fuzzer started
2019/07/02 04:08:18 dialing manager at 10.128.0.26:40783
2019/07/02 04:08:18 syscalls: 2348
2019/07/02 04:08:18 code coverage: enabled
2019/07/02 04:08:18 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/02 04:08:18 extra coverage: enabled
2019/07/02 04:08:18 setuid sandbox: enabled
2019/07/02 04:08:18 namespace sandbox: enabled
2019/07/02 04:08:18 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/02 04:08:18 fault injection: enabled
2019/07/02 04:08:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/02 04:08:18 net packet injection: enabled
2019/07/02 04:08:18 net device setup: enabled
04:10:27 executing program 0:
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000300), 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x3fff}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x31a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084)
r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003)
clock_settime(0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r1, r0, 0x0, 0x10200000a)
syzkaller login: [ 219.500191][T11740] IPVS: ftp: loaded support on port[0] = 21
[ 219.620952][T11740] chnl_net:caif_netlink_parms(): no params data found
[ 219.671436][T11740] bridge0: port 1(bridge_slave_0) entered blocking state
[ 219.678797][T11740] bridge0: port 1(bridge_slave_0) entered disabled state
[ 219.687538][T11740] device bridge_slave_0 entered promiscuous mode
[ 219.696450][T11740] bridge0: port 2(bridge_slave_1) entered blocking state
[ 219.703796][T11740] bridge0: port 2(bridge_slave_1) entered disabled state
[ 219.712654][T11740] device bridge_slave_1 entered promiscuous mode
[ 219.741602][T11740] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 219.753514][T11740] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 219.782673][T11740] team0: Port device team_slave_0 added
[ 219.791331][T11740] team0: Port device team_slave_1 added
[ 219.925819][T11740] device hsr_slave_0 entered promiscuous mode
[ 220.042320][T11740] device hsr_slave_1 entered promiscuous mode
[ 220.219203][T11740] bridge0: port 2(bridge_slave_1) entered blocking state
[ 220.226558][T11740] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 220.234280][T11740] bridge0: port 1(bridge_slave_0) entered blocking state
[ 220.241502][T11740] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 220.308557][T11740] 8021q: adding VLAN 0 to HW filter on device bond0
[ 220.327499][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 220.339328][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 220.349923][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 220.362815][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 220.382847][T11740] 8021q: adding VLAN 0 to HW filter on device team0
[ 220.399393][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 220.408747][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 220.416064][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 220.465251][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 220.474237][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 220.481429][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 220.491106][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 220.501184][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 220.510554][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 220.519675][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 220.530992][T11740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 220.539339][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 220.592009][T11740] 8021q: adding VLAN 0 to HW filter on device batadv0
04:10:29 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000000))
04:10:29 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070")
r1 = socket$inet6(0xa, 0x80001, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x12, r1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/stat\x00')
04:10:29 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000000), 0x4)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0xffffffffffffff4b, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c)
shutdown(r1, 0x1)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet6(r2, &(0x7f00000000c0), 0xfffffdda, 0x1f4, 0x0, 0x0)
[ 221.537289][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 221.551356][ C1] ==================================================================
[ 221.559571][ C1] BUG: KMSAN: uninit-value in tcp_create_openreq_child+0x157f/0x1cc0
[ 221.567729][ C1] CPU: 1 PID: 11761 Comm: syz-executor.0 Not tainted 5.2.0-rc4+ #7
[ 221.575820][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 221.585982][ C1] Call Trace:
[ 221.589264][ C1]
[ 221.592128][ C1] dump_stack+0x191/0x1f0
[ 221.596466][ C1] kmsan_report+0x162/0x2d0
[ 221.600982][ C1] __msan_warning+0x75/0xe0
[ 221.605492][ C1] tcp_create_openreq_child+0x157f/0x1cc0
[ 221.611262][ C1] tcp_v6_syn_recv_sock+0x761/0x2d80
[ 221.616575][ C1] ? __msan_poison_alloca+0x1c0/0x270
[ 221.621948][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 221.627845][ C1] ? cookie_v6_check+0x27e0/0x29a0
[ 221.632959][ C1] ? tcp_v6_conn_request+0x2d0/0x2d0
[ 221.638334][ C1] tcp_get_cookie_sock+0x16e/0x6b0
[ 221.643481][ C1] cookie_v6_check+0x27e0/0x29a0
[ 221.648460][ C1] tcp_v6_do_rcv+0xf1c/0x1ce0
[ 221.653333][ C1] ? kmsan_memcpy_memmove_metadata+0x8bc/0xe00
[ 221.659602][ C1] tcp_v6_rcv+0x60b7/0x6a30
[ 221.664162][ C1] ip6_protocol_deliver_rcu+0x1433/0x22f0
[ 221.669925][ C1] ip6_input+0x2af/0x340
[ 221.674176][ C1] ? ip6_input+0x340/0x340
[ 221.678601][ C1] ? ip6_protocol_deliver_rcu+0x22f0/0x22f0
[ 221.684490][ C1] ipv6_rcv+0x683/0x710
[ 221.688657][ C1] ? local_bh_enable+0x40/0x40
[ 221.693432][ C1] process_backlog+0x721/0x1410
[ 221.698298][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 221.704198][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 221.710106][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 221.715407][ C1] net_rx_action+0x738/0x1940
[ 221.720109][ C1] ? net_tx_action+0xb70/0xb70
[ 221.724885][ C1] __do_softirq+0x4ad/0x858
[ 221.729405][ C1] do_softirq_own_stack+0x49/0x80
[ 221.734422][ C1]
[ 221.737541][ C1] __local_bh_enable_ip+0x199/0x1e0
[ 221.742746][ C1] local_bh_enable+0x36/0x40
[ 221.747342][ C1] ip6_finish_output2+0x213f/0x2670
[ 221.752569][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 221.758467][ C1] ip6_finish_output+0xae4/0xbc0
[ 221.763424][ C1] ip6_output+0x5d3/0x720
[ 221.767768][ C1] ? ip6_output+0x720/0x720
[ 221.772271][ C1] ? ac6_seq_show+0x200/0x200
[ 221.776948][ C1] ip6_xmit+0x1f53/0x2650
[ 221.781307][ C1] ? ip6_xmit+0x2650/0x2650
[ 221.785821][ C1] inet6_csk_xmit+0x3df/0x4f0
[ 221.790535][ C1] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0
[ 221.796170][ C1] __tcp_transmit_skb+0x4076/0x5b40
[ 221.801405][ C1] tcp_write_xmit+0x39a9/0xa730
[ 221.806317][ C1] ? kmsan_get_shadow_origin_ptr+0x10/0x470
[ 221.812221][ C1] __tcp_push_pending_frames+0x124/0x4e0
[ 221.817862][ C1] tcp_send_fin+0xd43/0x1540
[ 221.822465][ C1] tcp_shutdown+0x18a/0x1f0
[ 221.826968][ C1] ? tcp_set_state+0x9b0/0x9b0
[ 221.831735][ C1] inet_shutdown+0x34b/0x5f0
[ 221.836334][ C1] ? inet_recvmsg+0x640/0x640
[ 221.841013][ C1] __se_sys_shutdown+0x28b/0x3e0
[ 221.845960][ C1] __x64_sys_shutdown+0x3e/0x60
[ 221.850809][ C1] do_syscall_64+0xbc/0xf0
[ 221.855228][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 221.861127][ C1] RIP: 0033:0x4597c9
[ 221.865025][ C1] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 221.885511][ C1] RSP: 002b:00007fcd3dbe5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[ 221.893924][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004597c9
[ 221.901896][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[ 221.910041][ C1] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 221.918005][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd3dbe66d4
[ 221.926325][ C1] R13: 00000000004c819c R14: 00000000004de9c0 R15: 00000000ffffffff
[ 221.935695][ C1]
[ 221.938012][ C1] Uninit was created at:
[ 221.942261][ C1] kmsan_internal_poison_shadow+0x53/0xa0
[ 221.947985][ C1] kmsan_kmalloc+0xa4/0x130
[ 221.952486][ C1] kmem_cache_alloc+0x534/0xb00
[ 221.957331][ C1] inet_reqsk_alloc+0xa8/0x600
[ 221.962094][ C1] cookie_v6_check+0xadb/0x29a0
[ 221.966939][ C1] tcp_v6_do_rcv+0xf1c/0x1ce0
[ 221.971610][ C1] tcp_v6_rcv+0x60b7/0x6a30
[ 221.976285][ C1] ip6_protocol_deliver_rcu+0x1433/0x22f0
[ 221.981999][ C1] ip6_input+0x2af/0x340
[ 221.986240][ C1] ipv6_rcv+0x683/0x710
[ 221.990425][ C1] process_backlog+0x721/0x1410
[ 221.995270][ C1] net_rx_action+0x738/0x1940
[ 221.999948][ C1] __do_softirq+0x4ad/0x858
[ 222.004965][ C1] do_softirq_own_stack+0x49/0x80
[ 222.009986][ C1] __local_bh_enable_ip+0x199/0x1e0
[ 222.015178][ C1] local_bh_enable+0x36/0x40
[ 222.019764][ C1] ip6_finish_output2+0x213f/0x2670
[ 222.024960][ C1] ip6_finish_output+0xae4/0xbc0
[ 222.029893][ C1] ip6_output+0x5d3/0x720
[ 222.034221][ C1] ip6_xmit+0x1f53/0x2650
[ 222.038642][ C1] inet6_csk_xmit+0x3df/0x4f0
[ 222.043316][ C1] __tcp_transmit_skb+0x4076/0x5b40
[ 222.048516][ C1] tcp_write_xmit+0x39a9/0xa730
[ 222.053866][ C1] __tcp_push_pending_frames+0x124/0x4e0
[ 222.059493][ C1] tcp_send_fin+0xd43/0x1540
[ 222.064077][ C1] tcp_shutdown+0x18a/0x1f0
[ 222.068585][ C1] inet_shutdown+0x34b/0x5f0
[ 222.073176][ C1] __se_sys_shutdown+0x28b/0x3e0
[ 222.078106][ C1] __x64_sys_shutdown+0x3e/0x60
[ 222.082956][ C1] do_syscall_64+0xbc/0xf0
[ 222.087368][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 222.093251][ C1] ==================================================================
[ 222.101383][ C1] Disabling lock debugging due to kernel taint
[ 222.108950][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 222.115542][ C1] CPU: 1 PID: 11761 Comm: syz-executor.0 Tainted: G B 5.2.0-rc4+ #7
[ 222.124895][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 222.135031][ C1] Call Trace:
[ 222.138313][ C1]
[ 222.141178][ C1] dump_stack+0x191/0x1f0
[ 222.145521][ C1] panic+0x3c9/0xc1e
[ 222.149442][ C1] kmsan_report+0x2ca/0x2d0
[ 222.153953][ C1] __msan_warning+0x75/0xe0
[ 222.158462][ C1] tcp_create_openreq_child+0x157f/0x1cc0
[ 222.164205][ C1] tcp_v6_syn_recv_sock+0x761/0x2d80
[ 222.169513][ C1] ? __msan_poison_alloca+0x1c0/0x270
[ 222.174897][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 222.180793][ C1] ? cookie_v6_check+0x27e0/0x29a0
[ 222.185909][ C1] ? tcp_v6_conn_request+0x2d0/0x2d0
[ 222.191193][ C1] tcp_get_cookie_sock+0x16e/0x6b0
[ 222.196321][ C1] cookie_v6_check+0x27e0/0x29a0
[ 222.201297][ C1] tcp_v6_do_rcv+0xf1c/0x1ce0
[ 222.205973][ C1] ? kmsan_memcpy_memmove_metadata+0x8bc/0xe00
[ 222.212161][ C1] tcp_v6_rcv+0x60b7/0x6a30
[ 222.216719][ C1] ip6_protocol_deliver_rcu+0x1433/0x22f0
[ 222.222479][ C1] ip6_input+0x2af/0x340
[ 222.226730][ C1] ? ip6_input+0x340/0x340
[ 222.231147][ C1] ? ip6_protocol_deliver_rcu+0x22f0/0x22f0
[ 222.237039][ C1] ipv6_rcv+0x683/0x710
[ 222.241206][ C1] ? local_bh_enable+0x40/0x40
[ 222.245979][ C1] process_backlog+0x721/0x1410
[ 222.250843][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 222.256743][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 222.262639][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 222.267924][ C1] net_rx_action+0x738/0x1940
[ 222.272643][ C1] ? net_tx_action+0xb70/0xb70
[ 222.277411][ C1] __do_softirq+0x4ad/0x858
[ 222.281931][ C1] do_softirq_own_stack+0x49/0x80
[ 222.286942][ C1]
[ 222.289879][ C1] __local_bh_enable_ip+0x199/0x1e0
[ 222.295085][ C1] local_bh_enable+0x36/0x40
[ 222.299677][ C1] ip6_finish_output2+0x213f/0x2670
[ 222.304987][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 222.310882][ C1] ip6_finish_output+0xae4/0xbc0
[ 222.315829][ C1] ip6_output+0x5d3/0x720
[ 222.320171][ C1] ? ip6_output+0x720/0x720
[ 222.324677][ C1] ? ac6_seq_show+0x200/0x200
[ 222.329349][ C1] ip6_xmit+0x1f53/0x2650
[ 222.333791][ C1] ? ip6_xmit+0x2650/0x2650
[ 222.338311][ C1] inet6_csk_xmit+0x3df/0x4f0
[ 222.343102][ C1] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0
[ 222.348732][ C1] __tcp_transmit_skb+0x4076/0x5b40
[ 222.353967][ C1] tcp_write_xmit+0x39a9/0xa730
[ 222.358881][ C1] ? kmsan_get_shadow_origin_ptr+0x10/0x470
[ 222.364786][ C1] __tcp_push_pending_frames+0x124/0x4e0
[ 222.370427][ C1] tcp_send_fin+0xd43/0x1540
[ 222.375031][ C1] tcp_shutdown+0x18a/0x1f0
[ 222.379581][ C1] ? tcp_set_state+0x9b0/0x9b0
[ 222.384344][ C1] inet_shutdown+0x34b/0x5f0
[ 222.388945][ C1] ? inet_recvmsg+0x640/0x640
[ 222.393623][ C1] __se_sys_shutdown+0x28b/0x3e0
[ 222.398569][ C1] __x64_sys_shutdown+0x3e/0x60
[ 222.403433][ C1] do_syscall_64+0xbc/0xf0
[ 222.407941][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 222.413831][ C1] RIP: 0033:0x4597c9
[ 222.417732][ C1] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 222.437342][ C1] RSP: 002b:00007fcd3dbe5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[ 222.445759][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004597c9
[ 222.453765][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[ 222.461751][ C1] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 222.469720][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd3dbe66d4
[ 222.477691][ C1] R13: 00000000004c819c R14: 00000000004de9c0 R15: 00000000ffffffff
[ 222.487032][ C1] Kernel Offset: disabled
[ 222.491359][ C1] Rebooting in 86400 seconds..